Diffstat (limited to 'lib/config/index.js')
-rw-r--r-- | lib/config/index.js | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/lib/config/index.js b/lib/config/index.js
index cbe6c39c..ee4817b3 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -4,11 +4,11 @@
 const crypto = require('crypto')
 const fs = require('fs')
 const path = require('path')
-const {merge} = require('lodash')
+const { merge } = require('lodash')
 const deepFreeze = require('deep-freeze')
-const {Environment, Permission} = require('./enum')
+const { Environment, Permission } = require('./enum')
 const logger = require('../logger')
-const {getGitCommit, getGitHubURL} = require('./utils')
+const { getGitCommit, getGitHubURL } = require('./utils')
 const appRootPath = path.resolve(__dirname, '../../')
 const env = process.env.NODE_ENV || Environment.development
@@ -17,7 +17,7 @@ const debugConfig = {
 }
 // Get version string from package.json
-const {version, repository} = require(path.join(appRootPath, 'package.json'))
+const { version, repository } = require(path.join(appRootPath, 'package.json'))
 const commitID = getGitCommit(appRootPath)
 const sourceURL = getGitHubURL(repository.url, commitID || version)
@@ -128,7 +128,7 @@ if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !==
 config.gitlab.version = 'v4'
 }
 // If gitlab scope is api, enable snippets Export/import
-config.isGitlabSnippetsEnable = (!config.gitlab.scope || config.gitlab.scope === 'api')
+config.isGitlabSnippetsEnable = (!config.gitlab.scope || config.gitlab.scope === 'api') && config.isGitLabEnable
 // Only update i18n files in development setups
 config.updateI18nFiles = (env === Environment.development)
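Review bot: The added `&& config.isGitLabEnable` on the `config.isGitlabSnippetsEnable` line makes the flag take the value of its right operand rather than a boolean, because `&&` returns the operand itself. `config.isGitLabEnable` is assigned outside this hunk; if it is derived from the GitLab client credentials without coercion, the snippets flag would carry that raw value wherever the config object is later read or rendered. Coercing keeps it a plain flag: `config.isGitlabSnippetsEnable = Boolean((!config.gitlab.scope || config.gitlab.scope === 'api') && config.isGitLabEnable)`. The same line still dereferences `config.gitlab.scope` without the `config.gitlab &&` guard that the `if` in the hunk header uses.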
@@ -152,20 +152,20 @@ for (let i = keys.length; i--;) {
 // Notify users about the prefix change and inform them they use legacy prefix for environment variables
 if (Object.keys(process.env).toString().indexOf('HMD_') !== -1) {
- logger.warn('Using legacy HMD prefix for environment variables. Please change your variables in future. For details see: https://github.com/hackmdio/codimd#environment-variables-will-overwrite-other-server-configs')
+ logger.warn('Using legacy HMD prefix for environment variables. Please change your variables in future. For details see: https://github.com/codimd/server#environment-variables-will-overwrite-other-server-configs')
 }
 // Generate session secret if it stays on default values
 if (config.sessionSecret === 'secret') {
 logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.')
 config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number
- .toString('hex') // convert to hexadecimal format
- .slice(0, config.sessionSecretLen) // return required number of characters
+ .toString('hex') // convert to hexadecimal format
+ .slice(0, config.sessionSecretLen) // return required number of characters
 }
 // Validate upload upload providers
-if (['filesystem', 's3', 'minio', 'imgur', 'azure'].indexOf(config.imageUploadType) === -1) {
- logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure" or "imgur". Defaulting to "filesystem"')
+if (['filesystem', 's3', 'minio', 'imgur', 'azure', 'lutim'].indexOf(config.imageUploadType) === -1) {
+ logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure", "lutim" or "imgur". Defaulting to "filesystem"')
 config.imageUploadType = 'filesystem'
 }
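Review bot: The provider allow-list on the new `if` line and the provider names in the `logger.error` message are two hand-maintained copies, and this change had to edit both to add `lutim`. A single constant such as `const uploadProviders = ['filesystem', 's3', 'minio', 'imgur', 'azure', 'lutim']`, tested with `uploadProviders.includes(config.imageUploadType)` and joined into the message, keeps them from drifting. The `switch (config.imageUploadType)` that follows is outside this hunk, so it is not visible whether `lutim` has a matching case there. A comment on the fallback would also help: `// unknown provider: fall back to local disk storage, which may not be what the operator intended`.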
@@ -189,6 +189,12 @@ switch (config.imageUploadType) {
 ]
 }
+// Disable PDF export due to security issue
+if (config.allowPDFExport) {
+ config.allowPDFExport = false
+ logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
+}
+
 // generate correct path
 config.sslCAPath.forEach(function (capath, i, array) {
 array[i] = path.resolve(appRootPath, capath)
 |
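Review bot: The new `if (config.allowPDFExport)` block only clears a config flag, so the mitigation holds only if every PDF export path checks `config.allowPDFExport` before rendering; that handler is outside this hunk and should be confirmed to refuse the request when the flag is false. The comment `// Disable PDF export due to security issue` gives a later maintainer nothing to decide when the override can be removed. It would be better as `// Disable PDF export until <ADVISORY-OR-ISSUE-ID> is fixed; overrides any user setting on purpose`. The override should also stay after all config sources are merged, which the visible lines suggest but do not show in full.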